const methodPermission = require('../config/permission');
const { ERROR } = require('../common/error');

function isAccessAllowed(user, setting) {
    const { role: userRole = [], permission: userPermission = [] } = user;
    const { role: settingRole = [], permission: settingPermission = [] } = setting;
    if (userRole.includes('admin')) {
        return;
    }
    if (settingRole.length > 0 && settingRole.every((item) => !userRole.includes(item))) {
        throw {
            errCode: ERROR.PERMISSION_ERROR,
        };
    }
    if (settingPermission.length > 0 && settingPermission.every((item) => !userPermission.includes(item))) {
        throw {
            errCode: ERROR.PERMISSION_ERROR,
        };
    }
}

module.exports = async function () {
    const methodName = this.getMethodName();
    if (!(methodName in methodPermission)) {
        return;
    }
    const { auth, role, permission } = methodPermission[methodName];
    if (auth || role || permission) {
        await this.middleware.auth();
    }
    if (role && role.length === 0) {
        throw new Error('[AccessControl]Empty role array is not supported');
    }
    if (permission && permission.length === 0) {
        throw new Error('[AccessControl]Empty permission array is not supported');
    }
    return isAccessAllowed(this.authInfo, {
        role,
        permission,
    });
};
